1. Field of the Invention
This invention relates to a data-processing system which protects the secrecy of confidential data.
2. Description of the Prior Art
Any data processing system includes a data-processing machine connected to an apparatus for transmitting data to the machine. Of these systems, some are intended to process data made up of both data of a routine nature and confidential data. In such systems the confidential data is generally used to authorize the dialogue between the machine and the operator via the said data-transmitting apparatus. Specific examples of typical systems will be described herein by way of example; however, for a better understanding of the problems of prior art systems and approaches to solutions of these problems, reference may be had to applicant's copending application, Ser. No. 905,453, corresponding to French application 77-16098 and copending application, Ser. No. 900,503, corresponding to French application 77-12781, both of which are assigned to the assignee of the present invention.
A first example of systems of this nature is provided by systems which comprise a data processing machine that includes a member intended to process a predetermined confidential item of data generally referred to as a code key or more simply as a key. To prevent any illicit use of the system, the code key is changed regularly. In such a system, the operator first has to transmit an item of confidential data corresponding to the code key, via the data transmitting device of the machine, to the member which holds the key. If they are the same, the member authorizes a dialogue between the machine and the operator for data of any kind, be it confidential or otherwise.
To avoid any misunderstanding in the remainder of the description, what is termed confidential data will be the data which is used as a key to open the dialogue between the machine and the operator. Also, the said member which holds the code key will be referred to below as the auxiliary member, in particular because of its function in the system and its interchangeable nature.
A second example of a known system relates to systems which employ credit cards. In cases where the credit card contains only the personal code key of the cardholder, these systems are similar to those of the previous example, and the auxiliary member is formed by each of the various credit cards. It is known, however, that the trend is towards introducing an integrated circuit device into cards to record the operations which take place, such as, for example, crediting and/or debiting. In such systems, the auxiliary member thus no longer processes simply the confidential data, but also certain of the items of data passing between the machine and the operator.
In all these systems, it may be noted that the keyboard available to the operator is used to transmit both confidential data intended for the auxiliary member and also data intended for the machine after the auxiliary member has authorized a dialogue. The keyboard is thus a public device at the disposal of a large number of people, but can only be used to good effect after the correct confidential item of data or key has been transmitted. Thus, it is possible for an unauthorized user to use either the keyboard or the space which separates the keyboard from the auxiliary member to discover the confidential item of data or key which an operator will subsequently transmit to the auxiliary member.
In the case of the first example, assuming the key has been discovered, it will then be possible for the unauthorized user to gain direct access to the machine. In the case of the second example, the unauthorized user will have to steal a card from an operator who meets his requirements. With the introduction of cards incorporating circuits particularly to record credit and/or debit operations performed at a remote banking terminal or at the cashdesks of shops, theft of cards containing a key is expected to become a greater problem.
In all the systems which have just been discussed, the secrecy of the confidential data has so far been protected at the auxiliary member. In the system of the first example, the key is changed regularly, and in the systems cited in the second example, either a limited number of attempts is allowed for transmitting the confidential data or else the card or the integrated circuit device embodies means to prevent anybody from discovering the confidential data or key contained in the card. However, the unauthorized user still has the opportunity of working via the keyboard or via the space which separates the keyboard from the machine.